AWS上的nginx日志显示“HELP...batman”？

Question

AWS上的nginx日志显示“HELP...batman”？

8

我正在查看我的nginx日志，发现一些非常奇怪的内容。

2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q���    H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q���   H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q��� H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q���    H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l�׍��Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD�    �"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l�׍��Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD�   �"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l�׍��Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD� �"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l�׍��Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD�    �"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ׬�n�3*��'��k��"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ׬�n�3*��'��k��"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ׬�n�3*��'��k��"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ׬�n�3*��'��k��"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "batman"

我猜测有人正在发送恶意数据包。这是我应该担心的事情吗？我该怎么办？

让我感到害怕的是：“Gh0st��x�KS”。

- drew kroft

这个请求来自 Web 表单吗？ - hephalump

不，我没有将Web表单连接到此端点。 - drew kroft

1

就在今天，我的VPS突然挂了。我在运行的一个简单的Python Web服务器的日志中发现了同样的“JNAPIER”行（是日志中最长的行），你知道这是什么吗？我也看到了完全相同的Win7 SP1 x64提及。如果有恶意的话，这可能是导致我的VPS进入只读模式的源头。 - ch4rl1e97

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- slm · Accepted Answer

看起来像是某个脚本小子试图入侵您的服务器或这个特定的黑客Gh0st - https://rsplayers.fandom.com/wiki/Gh0st。

无论如何，这是有人在探测您的网站以寻找漏洞。除了在维护您的互联网网站时应该做的事情之外，您不需要做任何事情。

保持您的底层操作系统补丁更新
保持您的软件更新
限制仅允许已知源IP地址访问您的应用程序等
使用防火墙和类似fail2ban的工具动态地将异常访问加入黑名单

参考资料

https://www.fail2ban.org/wiki/index.php/Main_Page